A generic TimingProfiler
is now available for all targets supported by StackAnalyzer and ValueAnalyzer.

Greatly improved performance

The analysis speed and memory consumption have been improved by streamlining the analysis toolchain
and reducing the number of required tool runs. Extreme speedups can now be achieved, especially on projects
with a large main analysis and many smaller subanalyses.

Qualification Support Kits

New compiler-specific QSK for StackAnalyzer for PowerPC with GCC 4.3.3.

Additional test cases for StackAnalyzer for PowerPC with GCC 4.1.2.

New test cases for:

routine-local increase of call string length

recursive routine-local increase of default unroll

marking targets of a computed call infeasible

propagated stack effect on not-analyzed code that is declared to obey calling conventions

bound annotations of irreducible recursions and loops

the new GUI option “Use legacy AIS annotations”

26 new test cases for ResultCombinator.

Consistency checks for XML result and XML report files.

Additional tool run for checking the AIS2 entries operator within qk_ais2_expression_pp_area operators.

Requirement identifiers in the reports are now prefixed with REQ_
to better distinguish them from test case identifiers.

Tool run execution is now done by calling alauncher rather than the a³ GUI.

Linux support

The Linux version now requires the libxcb-* family of libraries to be installed.

Integrated context-sensitive help

You can now simply press F1
to get context-sensitive help
for the current screen, a selected keyword, or a highlighted message.
The previously separate quick references for graphs and AIS are now integrated in this help as well.

Support archives

In addition to packing the complete project as before,
you can now choose to only pack the most recent analysis run.
This is very fast, as no recomputations are needed.

Workspaces

Improved open/save performance.

Additional information is now kept when saving a Workspace, such as the
current folding state of the analysis list.

Overhauled examples

The provided example projects have been improved to showcase more analysis features.

Other improvements

In the project tree, all open AIS files of a particular analysis are now grouped together.

Decoding

The decoder now reports more precisely what information it is reading
from writable data sections to reconstruct the control flow:

Reading 4 bytes (0x204) at address 0x24a8 (variable 'arr[1]') from writable section '.data' to reconstruct the control flow.
You should manually verify the reconstructed control flow.
Potentially you might need to annotate branch/call targets.

Improved switch and call pattern resolving by taking the calling conventions into account.

Function-local static variables can now be addressed in AIS2 by means of DWARF debug information.
To avoid conflicts with global variables, the name of the enclosing function is prefixed.

As and example, consider the following source code snippet:

void handle_msg (...) {
static int buffer[128];
...
}

The local static variable buffer can then be addressed via handle_msg::buffer.

The decoder now reports if user-provided contents of memory regions are located in volatile memory.

Analysis settings

New option “Use legacy AIS annotations” (under Setup → Decoding).
The default is false for new projects, true for old ones.
When the option is disabled, all AIS files will be parsed as AIS2, allowing to use AIS2 annotations
freely without the ais2 scope and disabling the legacy AIS1 annotations.

The default for “Assume aligned data accesses” has been changed to false.

ARM: the new default target is now “Generic ARMv7” rather than ”Generic ARMv5“.

e200: core-local IMEM and DMEM base addresses can now be configured.

Stack and value analysis

Improved analysis speed and memory usage.

Higher precision for:

64-bit multiplication

loop bound computation

XOR operations used to compare two operands

short call string lengths

calls of mixed types (e.g. normal and tail) to same routine

Improved loop analysis for:

loops with complex counter updates

loops with modulo computations

multi-exit loops

Improved heuristics based on DWARF debug information.

When the option “Use DWARF debug information to restrict memory accesses” is enabled,
in addition to the sharpening of the accesses it will now try to derive loop bounds.
In reports, such bounds will be marked as heuristic matches:

Loop 'memcpy.L2': heuristic matches in all contexts with [2..17] iterations
(loop is assumed to iterate over array(s) 'buffer')

More accurate wording of message #3079 for a not-analyzed routine
that is annotated as having a stack effect but no stack usage. Example:

routine "min" {
not analyzed;
stack effect: 555 bytes;
}

The new message now reads:

#3079: Assuming a stack usage of [0..555] bytes for routine 'min'.

The old message would simply say “0 bytes” instead, not accurately reflecting
the values the analysis was actually working with.

For external and not analyzed routines, when the analyzer
assumes that calling conventions are obeyed, it now also assumes
a balanced stack effect. The effect is deduced from the calling instruction.

For TriCore, the effect of a ret instruction is simulated if no
proper call*, fcall*. jl*, syscall,
trapv or trapsv has been used to call the external (or not analyzed)
routine, e.g. in case of tail calls.

As a result, some messages may change from

No assumptions are made on the stack effects for routine 'foo'.
Annotation hint:

Not analyzed code snippets are now always classified as violations of calling conventions.
Consequently, the following messages will not be emitted anymore:

warning #3099:
In routine ':Anon_0x116e', at address 0x116e:
No assumptions are made on the stack effects for excluded code snippet ':Anon_0x116e'.

Annotation hint:

ais2 { routine ":Anon_0x116e" { obeys calling conventions: false; } }

The analyzer now informs you if an “obeys calling conventions: true” annotation has been overruled:

Info #3114: In "foo/main.c", line 12:
In routine ':Anon_0x8001620', at address thumb::0x8001620:
In "foo.ais", line 13, column 5:
The analysis assumes a violation of calling conventions for routine ':Anon_0x8001620'.
Ignoring annotation that states the opposite.

Graph visualization

Irreducible loops are now marked in a special color.

Annotation hints have been improved.

Messages with identical annotation hints are now grouped.

Recursion groups can now be extracted from the graph and displayed by themselves.

You can now create analyses from routine nodes in call graphs.

ResultCombinator

ResultCombinator results are now included in the XML report file.
The structure of the subtree is: